Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Freeipa
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0336 1 Redhat 1 Freeipa 2024-11-21 5.0 MEDIUM N/A
The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server.
CVE-2013-0199 1 Redhat 1 Freeipa 2024-11-21 5.0 MEDIUM N/A
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
CVE-2012-5484 1 Redhat 1 Freeipa 2024-11-21 7.9 HIGH N/A
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.
CVE-2011-3636 1 Redhat 1 Freeipa 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.
CVE-2008-3274 1 Redhat 2 Enterprise Ipa, Freeipa 2024-11-21 5.0 MEDIUM N/A
The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.